------------------------------------------------------------------------ Debian Security Advisory DSA-066-1 security@debian.org Debian -- Security Information Wichert Akkerman July 11, 2001 ------------------------------------------------------------------------ Package : cfingerd Problem type : remote exploit Debian-specific: no Steven van Acker reported on bugtraq that the version of cfingerd (a configurable finger daemon) as distributed in Debian GNU/Linux 2.2 suffers from two problems: 1. The code that reads configuration files (files in which $ commands are expanded) copied its input to a buffer without checking for a buffer overflow. When the ALLOW_LINE_PARSING feature is enabled that code is used for reading users files as well, so local users could exploit this. 2. There also was a printf call in the same routine that did not protect against printf format attacks. Since ALLOW_LINE_PARSING is enabled in the default /etc/cfingerd.conf local users could use this to gain root access. This has been fixed in version 1.4.1-1.2, and we recommend that you upgrade your cfingerd package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.2 alias potato --------------------------------- Potato was released for alpha, arm, i386, m68k, powerpc and sparc. Source archives: MD5 checksum: e1e5ed3fe85f2af5304b9f0d3d236a91 MD5 checksum: 966e205737bcd43182d01114694ed52a MD5 checksum: 0461179bca7bb9b00fb23c0886666cb0 Alpha architecture: MD5 checksum: 9c43dd39460c58ed6a0134333349e2f9 ARM architecture: MD5 checksum: 70da6073d42fbbdd29a025517127ebb0 Intel IA-32 architecture: MD5 checksum: 2281e1aa8dc439680b1df546a5139aae Motorola 680x0 architecture: MD5 checksum: 19bf9fbcf1d2e1d7d38ff5bd00c6dc0a PowerPC architecture: MD5 checksum: 383389307d0ebd11b3f8a20abe1395a9 Sun Sparc architecture: MD5 checksum: 1e734a8573e1c05d8e07ffcc8543c4e9 These packages will be moved into the stable distribution on its next revision. For not yet released architectures please refer to the appropriate directory . -- ---------------------------------------------------------------------------- apt-get: deb Debian -- Security Information stable/updates main dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Debian: 'cfingerd' multiple vulnerabilities
July 11, 2001
Buffer overflow and format string attack vulnerabilities exist in previous versions of cfingerd.
Summary
Package : cfingerd
Problem type : remote exploit
Debian-specific: no
Steven van Acker reported on bugtraq that the version of cfingerd (a
configurable finger daemon) as distributed in Debian GNU/Linux 2.2
suffers from two problems:
1. The code that reads configuration files (files in which $ commands are
expanded) copied its input to a buffer without checking for a buffer
overflow. When the ALLOW_LINE_PARSING feature is enabled that code
is used for reading users files as well, so local users could exploit
this.
2. There also was a printf call in the same routine that did not protect
against printf format attacks.
Since ALLOW_LINE_PARSING is enabled in the default /etc/cfingerd.conf
local users could use this to gain root access.
This has been fixed in version 1.4.1-1.2, and we recommend that you upgrade
your cfingerd package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
---------------------------------
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Source archives:
MD5 checksum: e1e5ed3fe85f2af5304b9f0d3d236a91
MD5 checksum: 966e205737bcd43182d01114694ed52a
MD5 checksum: 0461179bca7bb9b00fb23c0886666cb0
Alpha architecture:
MD5 checksum: 9c43dd39460c58ed6a0134333349e2f9
ARM architecture:
MD5 checksum: 70da6073d42fbbdd29a025517127ebb0
Intel IA-32 architecture:
MD5 checksum: 2281e1aa8dc439680b1df546a5139aae
Motorola 680x0 architecture:
MD5 checksum: 19bf9fbcf1d2e1d7d38ff5bd00c6dc0a
PowerPC architecture:
MD5 checksum: 383389307d0ebd11b3f8a20abe1395a9
Sun Sparc architecture:
MD5 checksum: 1e734a8573e1c05d8e07ffcc8543c4e9
These packages will be moved into the stable distribution on its next
revision.
For not yet released architectures please refer to the appropriate
directory .
--
----------------------------------------------------------------------------
apt-get: deb Debian -- Security Information stable/updates main
dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Severity
News
HOWTOs
Features
About Us
Powered By
